Smaller online merchants set the pace for payment security

Smaller online retailers take payment card security more seriously than do their bricks-and-mortar peers, suggest new survey results from ControlScan Inc. and Merchant Warehouse, companies that provide payment services to merchants.

A report based on the survey results focused on Level 4 merchants—that is, online retailers who process less than 20,000 card transactions annually, or 1 million for bricks-and-mortar merchants.

The survey found that 70% of e-commerce operators understand that the Payment Card Industry Data Security Standard—a set of rules created by payment card networks to protect cardholder data—is mandatory (not following the rules can lead to fines for merchants). That compares with 52% of bricks-and-mortar merchants who said the same.

Additionally, 56% of online retailers say they place what the vendors call a “high priority on security,” compared with 44% of store retailers. And 70% of e-retailers have completed compliance validations for PCI—a process that can reduce a merchant’s liability when payment card fraud does happen—compared with 45% of bricks-and-mortar merchants.

The two companies arrived at their findings after conducting online surveys of 603 merchants, about 16% of which were online retailers. 44% were bricks-and-mortar merchants, while the remaining 40% were catalogers or sell across multiple channels. 70% of survey respondents held such titles as CEO, president and owner.